Anti keylog editor of activex base

ABSTRACT

A security program has an ActiveX format for web browsers and application programs, and comprises a software security input window for preventing leakage of keyboard data without an additional hardwired device but rather by using a conventional keyboard. Therefore, the present invention protects keyboard data on the web browsers or application programs.

TECHNICAL FIELD

[0001] A security program has an ActiveX format for web browsers and application programs, and comprises a software security input window for preventing leakage of keyboard data without an additional hardwired device but rather by using a conventional keyboard.

[0002] Therefore, the present invention protects keyboard data on the web browsers or application programs.

BACKGROUND OF THE INVENTION

[0003] (a) Field of the Invention

[0004] The present invention relates to a security program. More specifically, the present invention relates to a security program for preventing leakage of keyboard data.

[0005] (b) Description of the Related Art

[0006] Conventional techniques of keyboard data security on the Internet include a product “Kis” released by Safetek (www.esafetek.com) in January 2001, and devices for replacing keyboard data inputs using input means (or methods) other than a Java-based virtual keyboard. However, since the former protects keyboard data on a hardware basis, it requires an additional predetermined device, and it is accordingly difficult to provide large-scale general-purpose services such as those on the Internet. The latter, that is, the security method using an additional input means, is not widely used because of users' lack of skill and the inconvenience involved. Hence, even though it is urgently required to secure keyboard data comprising important personal information on the Internet, no general-purpose products have been provided to the market.

[0007] The present invention uses a keyboard to securely and easily process input data.

SUMMARY OF THE INVENTION

[0008] It is an object of the present invention to prevent keyboard data leakages because of hacking when a user inputs personal information, writes electronic mail, or produces a document on the Internet.

[0009] To accomplish the present invention, a keyboard data protecting function and a web browser supporting function are required.

[0010] In order to perform keyboard data security, first, when a scan code is transmitted to a keyboard device driver from a hardwired keyboard, leakage of the keyboard data remaining at the I/O port 60H must be prevented. However, since general application programs may not properly control the leakage because of their hardwired properties and the Windows properties, a virtual device driver (VxD) accessible to Ring 0 is to be used to prevent the above-noted leakage.

[0011] Second, while the keyboard device driver converts the scan code into keyboard data and transmits the same to a system message queue, the converted keyboard data may be leaked by external programs including API hooking and message hooking. Since this process is included in the Windows default operating system (USER.EXE) and it may not be protected through general methods, another keyboard entry method that does not use the Windows default system is to be supported.

[0012] Third, data leakage during the process of transmitting the keyboard data to a desired application program must be prevented. Hackers may hook or monitor the APIs or messages used by the application programs to leak the keyboard data. Therefore, a technique for securely transmitting the keyboard data to the application program is to be created.

[0013] In order to use the keyboard data on the web browser, first, the security input window needs to be described using HTML documents supported by the web browser. Since the security input window does not follow the Windows default keyboard operating system, it is to be realized through a specific method to be in cooperation with the web browser.

[0014] Second, it is required to support low level tasks including communication with a virtual device driver VxD on the web browser, and controlling hardware, because the security input window according to the present invention uses a security keyboard driver, and directly controls the hardwired keyboard to realize the security input window.

BRIEF DESCRIPTION OF THE DRAWINGS

[0015] The accompanying drawings, which are incorporated in and constitute a part of the specification, illustrate an embodiment of the invention, and, together with the description, serve to explain the principles of the invention:

[0016] FIG. 1 shows a whole configuration of a keyboard data security system according to a preferred embodiment of the present invention;

[0017] FIG. 2 shows a keyboard data flowchart of a security input window according to a preferred embodiment of the present invention;

[0018] FIG. 3 shows a data flowchart between a security keyboard driver and the ActiveX according to a preferred embodiment of the present invention;

[0019] FIG. 4 shows a web browser to which a security input window is applied according to a preferred embodiment of the present invention; and

[0020] FIG. 5 shows an exemplified HTML source to which a security input window is applied according to a preferred embodiment of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

[0021] In the following detailed description, only the preferred embodiment of the invention has been shown and described, simply by way of illustration of the best mode contemplated by the inventor(s) of carrying out the invention. As will be realized, the invention is capable of modification in various obvious respects, all without departing from the invention. Accordingly, the drawings and description are to be regarded as illustrative in nature, and not restrictive.

[0022] The basic operation principle according to a preferred embodiment of the present invention is to not use a Microsoft Windows standard keyboard, but rather to use a security keyboard driver and a security input window to securely transmit the keyboard data input by the user to a web browser.

[0023] FIG. 1 shows a whole configuration of a keyboard data security system, applied to a web browser, according to a preferred embodiment of the present invention.

[0024] Normal keyboard processing of Microsoft Windows will be subsequently described. Electrical signals generated from keyboard hardware 101 are provided to the 8255 of the motherboard, they are represented in scan codes, and they are provided to a virtual keyboard driver (VKD) 102. The scan codes that are different depending on the keyboard type are converted by the VKD 102 into keyboard messages used as the standard of the operating system. The keyboard messages are transmitted to a virtual machine (VM) currently activated according to USER.EXE that is stored in a system message queue and which is a Ring 3 component of the operating system. The keyboard data stored in the VM are transmitted to a web browser 105 through a thread message queue 103 to perform a key input task.

[0025] However, the key input task of the security input window according to a preferred embodiment of the present invention is realized in a manner differing from the above-noted conventional description.

[0026] Regarding the principle of the key input security task in a security input window, electrical signals generated from keyboard hardware 101 are provided to the 8255 of the motherboard, they are represented in scan codes, and they are provided to a virtual keyboard driver (VKD) 102. After this, the virtual keyboard driver 102 calls VKD_Filter_Keyboard_Input that represents a hooking function (a user redefinition function) for user-defined key management. When a carry is set and returned from the hooking function called by the virtual keyboard driver 102, the virtual keyboard driver 102 ignores a keyboard message and aborts subsequent keyboard message processing. The hooking function in the security keyboard driver stores the keyboard data in its queue, sets a carry, and returns the carry. Therefore, the keyboard message is not transmitted to a system message queue, a thread message queue, and a web browser, thereby preventing leakage of the keyboard data through message hooking. In this instance, the hooking function is provided to and managed by a security keyboard driver.

[0027] The security keyboard driver redefines the VKD_Filter_Keyboard_Input to prevent message hooking. However, the scan code remains in the 8255 of the motherboard after the above-noted task. Scan code trace data may not be erased through a general method because of properties of the 8255. Hence, the keyboard hardware is controlled so as to erase the scan code trace data remaining in the 8255.

[0028] As to the method for erasing the trace data, when the hooking function calls the VKD_Filter_Keyboard_Input of the security keyboard driver, a general control command (enable keyboard [F4H]) of the keyboard hardware is output to the port 60h. When receiving the control command, the keyboard hardware enables the keyboard (initially enabled), erases the keyboard data stored in the keyboard hardware, and outputs an acknowledgement (FAh) to the 8255. In this process, the keyboard data stored in the keyboard hardware are erased, the trace data of the port 60h are changed to another value FAh, and accordingly, the scan code trace data are erased. By using this process, keyboard data hacking using a keyboard port scan is prevented.

[0029] As to the method for transmitting the keyboard data stored in the keyboard data queue of the security keyboard driver to the security input window 110 having the ActiveX format, states of the queue of the security keyboard driver are periodically monitored in the security input window to receive the stored keyboard data. When receiving the keyboard data, the security input window converts the keyboard data of a scan code format into characters to store them, and displays them to a screen for the user to check input states.

[0030] When the user inputs data in the security input window, and presses one of a transmit button and a check button to go to a next task, the web browser 112 refers to data properties 111 of the security input window through scripts to proceed to perform tasks assigned by the scripts.

[0031] FIG. 2 shows a flowchart for interface and management between a virtual keyboard driver and a security keyboard driver. When a user presses a keyboard button, the keyboard receives keyboard data from the 8255 to generate a keyboard interrupt and call a virtual keyboard driver in step S201. The called virtual keyboard driver reads a value of the port 60H storing the keyboard data, stores it in a predetermined register, and calls a hooking function 210 of a next VKD_Filter_Keyboard_Input. The hooking function 210, representing a function that the security keyboard driver has, determines whether the security keyboard driver is activated, and the hooking function 210 is terminated when the security keyboard driver is not activated. It also erases the keyboard data traces of the keyboard port 60h using the above-noted method and stores the keyboard data in its queue when the security keyboard driver is activated. It then assigns a carry so that the virtual keyboard driver may not use the keyboard data, and it is terminated.

[0032] When calling the hooking function, the virtual keyboard driver checks the carry to perform the existing virtual keyboard driver or ignores the input keyboard data.

[0033] FIG. 3 shows a flowchart for processing keyboard data through interface between a security input window and a security keyboard driver. The security input window uses a timer to periodically communicate (function DeviceIoControl) with the security keyboard driver in step S301 to receive security keyboard data in step S303.
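
The data path of paragraphs [0026] to [0033], as an added user-space C model that is not code from the patent: the function and variable names are hypothetical, port 60h is a plain variable rather than real I/O, and dropping keys when the driver queue is full is an assumption.

```c
/* Added model of paragraphs [0026]-[0033]; hypothetical names, no real port I/O. */
#include <stdio.h>
#define QCAP 64
#define KBD_ENABLE 0xF4 /* "enable keyboard" command written to port 60h */
#define KBD_ACK 0xFA    /* acknowledgement that replaces the scan code trace */

static unsigned char port60, secq[QCAP], sysq[QCAP]; /* port latch, driver queue, system queue */
static int sec_len, sys_len, driver_active;

/* Simulated keyboard hardware: F4h flushes its buffer and answers FAh. */
static void port60_write(unsigned char cmd) { if (cmd == KBD_ENABLE) port60 = KBD_ACK; }

/* Filter hook: returns 1 ("carry set") when the VKD must drop the key. */
static int filter_hook(unsigned char scan) {
    if (!driver_active) return 0;               /* carry clear: normal path */
    if (sec_len < QCAP) secq[sec_len++] = scan; /* assumption: drop when full */
    port60_write(KBD_ENABLE);                   /* overwrite the trace in the port */
    return 1;
}

/* VKD interrupt path of FIG. 2: read port 60h, call the hook, check the carry. */
static void vkd_interrupt(unsigned char scan) {
    port60 = scan;                              /* hardware latches the scan code */
    if (!filter_hook(port60) && sys_len < QCAP) sysq[sys_len++] = port60;
}

/* Timer poll of FIG. 3: drain the queue, convert set-1 make codes to characters. */
static int poll_window(char *out, int cap) {
    static const struct { unsigned char sc; char ch; } map[] = {{0x1E, 'a'}, {0x30, 'b'}, {0x2E, 'c'}};
    int n = 0;
    for (int i = 0; i < sec_len; i++) {
        if (secq[i] & 0x80) continue;           /* ignore break (key release) codes */
        for (size_t j = 0; j < sizeof map / sizeof map[0]; j++)
            if (map[j].sc == secq[i] && n < cap - 1) out[n++] = map[j].ch;
    }
    sec_len = 0; out[n] = '\0';
    return n;
}

/* Feeds the constructed key sequence "cab" (make + break codes) through the model. */
static int run_demo(int active, char *typed, int cap) {
    static const unsigned char keys[] = {0x2E, 0xAE, 0x1E, 0x9E, 0x30, 0xB0};
    driver_active = active; sec_len = sys_len = 0;
    for (size_t i = 0; i < sizeof keys; i++) vkd_interrupt(keys[i]);
    return poll_window(typed, cap);
}

int main(void) {
    char typed[16];
    int n = run_demo(1, typed, (int)sizeof typed);
    return printf("window=\"%s\" n=%d sysq=%d port60=%02X\n", typed, n, sys_len, port60) < 0;
}
```

With the driver inactive, the same keys reach the system queue and the last scan code stays readable in the port variable, which is the trace the F4h write is meant to overwrite.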

[0034] FIG. 4 shows an exemplified web browser 405 to which a security input window 404 is applied, referring to HTML codes of FIG. 5. Referring to FIG. 4, when a user uses a keyboard 401 to input a web address in the security input window 404 of the browser 405, and presses a button 406, the user is linked to the corresponding web page.

[0035] FIG. 5 shows the HTML codes of the exemplified web page including a method 501 for describing the keyboard data input to the security input window in the HTML code format, and a method 502 for processing the keyboard data input to the security input window in the HTML format.

[0036] The description of the security input window in the HTML format is performed according to the ActiveX format, and the data reference of the security input window follows the ActiveX property format.

[0037] The security input window as shown in the subsequent example 502 is expressed as the OBJECT in the HTML codes.

    <OBJECT classid="clsid:C1BF8F0F-05BA-497C-AEDA-F377E0867B3C" name="akl1"
            codebase="http://localhost/AKLEditXControl.cab#version=1,0,89,9"
            width=350 height=23 align=center hspace=0 vspace=0>
      <param name="Value" value="www.yahoo.com">
      <param name="Border" value="2">
      <param name="BorderLeftcolor" value="0">
      <param name="BorderRightcolor" value="0">
      <param name="BorderTopcolor" value="0">
      <param name="BorderBottomcolor" value="0">
      <param name="BorderStyle" value="1">
      <param name="Font" value="MS Sans Serif">
      <param name="Size" value="56">
    </OBJECT>

[0038] (Reference document:

[0039] http://msdn.microsoft.com/workshop/author/dhtml/reference/objects/OBJECT.asp)

[0040] The next exemplar 501 describes a method for referring to the keyboard data input to the security input window in the HTML codes.

    <script language="javascript">
    // Build the target URL from the text held by the security input window.
    function geturl() {
      var ak = "http://" + akl1.value;
      window.open(ak);
    }
    </script>

[0041] In the above codes, akl1.value is called to refer to the data of the security input window.

[0042] 1. The preferred embodiment of the present invention protects the keyboard data input by a user on the Internet to increase reliability of Internet-related industries and activate the industries.

[0043] Internet tasks including Internet banking, Internet games, web mail, web contents, and security document composition basically require a user to use a keyboard. Leaked keyboard data may cause great confusion and damage to the Internet tasks of companies.

[0044] Therefore, the use of the security key input window prevents leakages of the keyboard data to improve reliability of Internet business and to activate the Internet business, and it will reduce direct loss and damage caused by the leakage of the keyboard data.

[0045] 2. The preferred embodiment does not handle malicious programs in the like manner of vaccine programs, but it copes with hacking, and hence, the preferred embodiment protects the user's keyboard data against new programs and undetected hacking programs.

[0046] 3. Hackers may not steal the keyboard data using existing hacking tools if they have no new hacking techniques, which reduces the hackers' fields of action.

[0047] 4. The preferred embodiment provides a software security system, and it recovers the security level through an immediate improvement when the security level of the system is lowered, thereby increasing the reliability of keyboard data security and obtaining Internet business related reliability.

[0048] While this invention has been described in connection with what is presently considered to be the most practical and preferred embodiment, it is to be understood that the invention is not limited to the disclosed embodiments, but, on the contrary, is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.

What is claimed is:
 1. A security keyboard driver for erasing trace data to prevent a leakage of keyboard data.
 2. An ActiveX control comprising a security function operable in cooperation with the security keyboard driver of claim 1.
 3. A security keyboard driver for hooking a virtual keyboard driver, and comprising an additional keyboard message processing routine instead of a normal keyboard driver processing routine (a kernel).
 4. An ActiveX control comprising a security function operable in cooperation with the security keyboard driver of claim 3.